IN THE CLAIMS 

Please amend claims 1, 10-13, and 22-24 as follows: 

1. (Currently amended) A public key infrastructure (PKI) comprising: 
a subject; 

a certificate authority issuing a first unsigned certificate to the subject that binds a 
public key of the subject to long-term identification information related to the subject, the 
certificate authority maintaining a certificate database of records representing issued unsigned 
certificates in which it stores a record representing the first unsigned certificate; and 

a verifier maintaining a hash table containing cryptographic hashes of valid unsigned 
certificates corresponding to the unsigned certificates records stored in the certificate database 
and including a cryptographic hash of the first unsigned certificate, wherein the subject 
presents the issued first unsigned certificate to the verifier for authentication and 
demonstrates that the subject has knowledge of a private key corresponding to the public key 
in the unsigned certificate. 

2. (Original) The PKI of claim 1 wherein the first unsigned certificate includes an 
expiration date/time. 

3. (Original) The PKI of claim 1 wherein the first unsigned certificate does not include 
an expiration date/time. 

4. (Original) The PKI of claim 1 wherein the private key is stored in a smartcard 
accessible by the subject. 

5. (Original) The PKI of claim 1 wherein the private key is stored in a secure software 
wallet accessible by the subject. 

6. (Original) The PKI of claim 1 wherein the verifier computes the cryptographic hash 
of the first unsigned certificate with a collision-resistant hash function. 
7. (Original) The PKI of claim 6 wherein the collision-resistant hash function is a SHA- 
1 hash function. 

8. (Original) The PKI of claim 6 wherein the collision-resistant hash function is a MD5 
hash function. 

9. (Original) The PKI of claim 1 wherein the certificate authority and the verifier 
operate to revoke the first unsigned certificate when the binding of the subject's public key to 
the long-term identification information related to the subject becomes invalid. 

10. (Currently amended) The PKI of claim 9 wherein the certificate authority and the 
verifier perform the revocation protocol to revoke the first unsigned certificate, the revocation 
protocol including: 

the certificate authority retrieving a record representing the first unsigned certificate 
from the certificate database and computing obtaining a cryptographic hash of the first 
unsigned certificate; 

the certificate authority sending a message to verifier containing the cryptographic 
hash of the first unsigned certificate and requesting that the verifier remove the corresponding 
cryptographic hash of the first unsigned certificate from its hash table; 

the verifier removing the cryptographic hash of the first unsigned certificate from its 
hash table and notifying the certificate authority that it has removed the cryptographic hash of 
the first unsigned certificate from its hash table; and 

the certificate authority collecting the notification sent by the verifier. 

11. (Currently amended) The PKI of claim 10 wherein the revocation protocol includes 
the certificate authority marking the record of the first unsigned certificate in the certificate 
database as being invalid, for auditing purposes. 

12. (Currently amended) The PKI of claim 10 wherein the revocation protocol includes 
the certificate authority deleting the record representing the first unsigned certificate from the 
certificate database. 

13. (Currently amended) A method of authenticating a subject to a verifier in a public 
key infrastructure (PKI), the method comprising the steps of: 

issuing a first unsigned certificate from a certificate authority to the subject that binds 
a public key of the subject to long-term identification information related to the subject; 

maintaining, at the certificate authority, a certificate database of records representing 
issued unsigned certificates; 

storing a record representing the first unsigned certificate in the certificate database; 

maintaining, at the verifier, a hash table containing cryptographic hashes of valid 
unsigned certificates corresponding to the records unsigned certificates stored in the 
certificate database and including a cryptographic hash of the first unsigned certificate; 

presenting the issued first unsigned certificate from the subject to the verifier for 
authentication; 

demonstrating, by the subject, that the subject has knowledge of a private key 
corresponding to the public key in the unsigned certificate. 

14. (Original) The method of claim 13 wherein the first unsigned certificate includes an 
expiration date/time. 

15. (Original) The method of claim 13 wherein the first unsigned certificate does not 
include an expiration date/time. 

16. (Original) The method of claim 13 further comprising the step of: 
storing the private key in a smartcard accessible by the subject. 

17. (Original) The method of claim 13 further comprising the step of: 
storing the private key in a secure software wallet accessible by the subject. 

18. (Original) The method of claim 13 further comprising the step of: 

computing, by the verifier, the cryptographic hash of the first unsigned certificate with 
a collision-resistant hash function. 

19. (Original) The method of claim 18 wherein the collision-resistant hash function is a 
SHA-1 hash function. 

20. (Original) The method of claim 18 wherein the collision-resistant hash function is a 
MD5 hash function. 

21. (Original) The method of claim 13 further comprising the step of: 

revoking the first unsigned certificate when the binding of the subject's public key to 
the long-term identification information related to the subject becomes invalid. 

22. (Currently amended) The method of claim 21 wherein the revoking step includes the 
steps of: 

retrieving the record representing the first unsigned certificate from the certificate 
database and computing obtaining a cryptographic hash of the first unsigned certificate; 

sending a message from certificate authority to verifier containing the cryptographic 
hash of the first unsigned certificate; 

requesting that the verifier remove the corresponding cryptographic hash of the first 
unsigned certificate from its hash table; 

removing the cryptographic hash of the first unsigned certificate from the hash table; 

notifying the certificate authority that the cryptographic hash of the first unsigned 
certificate is removed from the hash table; and 

collecting, at the certificate authority, the notification sent in the notifying step. 

23. (Currently amended) The method of claim 22 wherein the revoking step further 
includes: 

marking the record representing the first unsigned certificate in the certificate 
database as being invalid, for auditing purposes. 

24. (Currently amended) The method of claim 22 wherein the revoking step further 
includes: 

deleting the record representing the first unsigned certificate from the certificate 
database. 
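As an added illustration, not part of the claims or of any applicant's code, the following Go simulation walks through claims 1 and 10 to 12: the certificate authority issues an unsigned certificate and records it, the verifier keeps a hash table of valid unsigned certificates and authenticates by a table lookup followed by a signed challenge proving knowledge of the private key, and revocation has the verifier drop the hash and notify the certificate authority. The names CA, Verifier, Subject and certHash are assumed, and SHA-256 with ECDSA P-256 stands in for the hash function and key type the claims leave open.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Cert is an unsigned certificate: public key bound to long-term identity, no CA signature.
type Cert struct{ Identity string; Pub *ecdsa.PublicKey }
type CA struct{ DB map[string]Cert }            // certificate database, keyed by identity
type Verifier struct{ Table map[[32]byte]bool } // hash table of valid unsigned certificates
type Subject struct{ Key *ecdsa.PrivateKey }     // private key holder (smartcard/wallet stand-in)
// certHash is the verifier's table entry; SHA-256 stands in for the SHA-1/MD5 the claims name.
func certHash(c Cert) [32]byte {
	return sha256.Sum256(append(append([]byte(c.Identity+"\x00"), c.Pub.X.Bytes()...), c.Pub.Y.Bytes()...))
}
func NewSubject() *Subject { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return &Subject{Key: k} }
// Issue: the CA stores the record and the verifier learns the certificate's hash.
func (ca *CA) Issue(v *Verifier, id string, s *Subject) Cert {
	c := Cert{Identity: id, Pub: &s.Key.PublicKey}
	ca.DB[id] = c
	v.Table[certHash(c)] = true
	return c
}

// Authenticate: a table hit replaces signature verification; the presenter then
// proves knowledge of the private key by signing a fresh random challenge.
func (v *Verifier) Authenticate(c Cert, presenter *Subject) error {
	if !v.Table[certHash(c)] { return errors.New("certificate unknown or revoked") }
	challenge := make([]byte, 32)
	rand.Read(challenge)
	d := sha256.Sum256(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, presenter.Key, d[:]) // the subject's side
	if err != nil || !ecdsa.VerifyASN1(c.Pub, d[:], sig) {
		return errors.New("proof of possession failed")
	}
	return nil
}

// Revoke (claims 10 and 12): the CA retrieves the record, hashes it, has the
// verifier drop that hash, collects the notification and deletes the record.
func (ca *CA) Revoke(v *Verifier, id string) (bool, error) {
	c, ok := ca.DB[id]
	if !ok { return false, errors.New("no such record") }
	delete(v.Table, certHash(c))
	notified := !v.Table[certHash(c)] // the verifier's notification that the hash is gone
	delete(ca.DB, id)
	return notified, nil
}
```

A certificate whose hash is absent from the verifier's table is rejected before any signature is checked, which is why revocation needs only the hash removal and no revocation list. Claim 11's variant would mark the record invalid instead of deleting it.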